CuteEditor Security

CuteEditor can include a stack trace in its error output, which might pose a security risk. To close this possible information leak, edit the web.config files as explained in the following sections.

Editing the eWeb Web.Config File

To generate the error, open eWeb, then paste the following example into the browser address box:

http://mywebsite/eweb/CuteSoft_Client/CuteEditor/Load.ashx?type=style&file=<%25%20whs=21705%20%25>whscheck<%25=%20whs.to_s%20%25>&=SyntaxHighlighter.css

Where mywebsite is the address of your organization's specific eWeb site.

You should see a detailed error with the stack trace.

To replace this error with a less verbose, security-neutral error message, use the following steps:

  1. Go to eWeb\CuteSoft_Client\web.config.
  2. Open the web.config file in a text editor.
  3. Search for the following tag: <system.web>. You'll find the following section:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.web>
        <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
        <compilation debug="true"/>
        <customErrors mode="Off"/>
      </system.web>
    </configuration>

  4. Change the customErrors mode value to On.
  5. Save the web.config. The application pool recycles.

 

Editing the iWeb Web.Config File

  1. Go to iWeb\forms\CuteEditor\CuteSoft_Client\web.config.
  2. Open the web.config file in a text editor.
  3. Search for the following tag: <system.web>. You'll find the following section:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.web>
        <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
        <compilation debug="true"/>
        <customErrors mode="Off"/>
      </system.web>
    </configuration>

  4. Change the customErrors mode value to On.
  5. Save the web.config. The application pool recycles.
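
To confirm the change in both files, the following check reads a web.config and reports the customErrors mode of each <system.web> section. It is an added example, not part of CuteEditor or of the original page; the function names and the embedded sample are constructed for illustration, and the web.config paths are passed as command-line arguments (with none, the sample is used).

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the <system.web> section as shown on this page.
SHIPPED = b"""<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
    <compilation debug="true"/>
    <customErrors mode="Off"/>
  </system.web>
</configuration>"""

STATUS = {
    "On": "ok: generic error page for every client",
    "RemoteOnly": "partial: stack trace still shown to requests made on the server",
    "Off": "leak: stack trace shown to every client",
    "inherited": "not set in this file: check the parent web.config",
}

def local(tag):
    """Drop an XML namespace prefix such as {uri} from a tag name."""
    return tag.rsplit("}", 1)[-1]

def audit(config_bytes):
    """Return [(mode, status)] for each <system.web>, including ones under <location>."""
    findings = []
    for section in ET.fromstring(config_bytes).iter():
        if local(section.tag) != "system.web":
            continue
        ce = next((c for c in section if local(c.tag) == "customErrors"), None)
        # ASP.NET uses RemoteOnly when the element has no mode attribute.
        mode = "inherited" if ce is None else ce.get("mode", "RemoteOnly")
        findings.append((mode, STATUS.get(mode, "unknown mode value")))
    return findings

def audit_file(path):
    """Audit one web.config on disk, reporting unreadable or malformed files."""
    try:
        with open(path, "rb") as fh:
            return audit(fh.read())
    except (OSError, ET.ParseError) as exc:
        return [("unreadable", str(exc))]

if __name__ == "__main__":
    results = {p: audit_file(p) for p in sys.argv[1:]} or {"<sample>": audit(SHIPPED)}
    for name, findings in results.items():
        for mode, status in findings:
            print(f"{name}: customErrors mode={mode} -> {status}")
```

A file that passes reports mode=On for every section; any other result means the steps above still need to be applied to that file or to its parent configuration.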